unrealone1
asked on
Issue with virus on Dropbox within company network
Hello Experts,
We have a customer with 80 users on a server 2003 domain, they use dropbox for spare files and it seems that ist has become infected and drop box is connected with al the uses, we have had an outbreak of malware and trojans from dropbox and gone everywhere. They use Sophos AV, question for you guys is what do we do next?
Kind Regards,
ABCOM
We have a customer with 80 users on a server 2003 domain, they use dropbox for spare files and it seems that ist has become infected and drop box is connected with al the uses, we have had an outbreak of malware and trojans from dropbox and gone everywhere. They use Sophos AV, question for you guys is what do we do next?
Kind Regards,
ABCOM
First, you need to identify the file in dropbox which is causing the grief. I have found that the ESET Online Scanner or Hitman Pro are both very good at finding things which have hidden themselves from the local A/V.
It is best for a user to have the Dropbox desktop client in order to safeguard and enforce scanning. All files dropped into the synced folder will upload and download to/from cloud storage. User should ensure their scanner’s default folder scanning also include this sync folder minimally and for any active access on document scanning to be checked - for case of use of Symantec SEP, it has Auto-protect for such remote use case @ http://www.symantec.com/connect/forums/upload-dropbox-or-boxcom
I believe Sophos scanning regime using run Anti-Virus and HIPS will have a better safeguard to detect infected document too - see https://www.sophos.com/en-us/support/knowledgebase/114345.aspx
But of course if the document is obscured by password protected or machine is not patched up to date for any "zero days" or old AV signature, the infection is still possible on download from the shared Dropbox folder...
I believe Sophos scanning regime using run Anti-Virus and HIPS will have a better safeguard to detect infected document too - see https://www.sophos.com/en-us/support/knowledgebase/114345.aspx
But of course if the document is obscured by password protected or machine is not patched up to date for any "zero days" or old AV signature, the infection is still possible on download from the shared Dropbox folder...
Dropbox doesn't use VirusTotal to hash comparison uploaded files for suspected Malware? That's just sad and ridiculous.
So a hacker can compromise an account and blast out https:// trash links to everyone using the reputation of a digicert'd, third-party trusted host.
So a hacker can compromise an account and blast out https:// trash links to everyone using the reputation of a digicert'd, third-party trusted host.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you don't already, you need to be backing up the Dropbox files to a remote location with the ability to recover various versions of the files, so if something becomes infected, you can easily revert to a previous version.
Alan